You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Gary Henson <Ga...@AdvantageGroup.co.nz> on 2001/04/19 07:25:19 UTC
JDBC Realm - User Roles
I've been trying to set up JDBC Realm authentication with Tomcat.
I've run into a problem when it comes to roles. The user is authenticated
alright, but the roles do not seem to be
taken from the database. I always get redirected to the error jsp unless I
have the user and role specified in the
tomcat-users.xml file.
This is the setup I have:
** server.xml ***
<RequestInterceptor className="org.apache.tomcat.request.JDBCRealm"
debug="99"
driverName="oracle.jdbc.driver.OracleDriver"
connectionURL="jdbc:oracle:thin:@testdbase: <mailto:connectionURL=>
1521:TEST"
connectionName="user"
connectionPassword="pass"
userTable="security_user" userNameCol="user_id"
userCredCol="user_password"
userRoleTable="security_user_role" roleNameCol="role_name" />
All the mentioned tables and columns do exist, I've checked a lot.
*** web.xml ***
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Area</web-resource-name>
<url-pattern>/secure/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>testrole</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/secure/login/login.jsp</form-login-page>
<form-error-page>/secure/login/error.jsp</form-error-page>
</form-login-config>
</login-config>
As mentioned above, this doesn't work unless I also have the following in
tomcat-users.xml
<user name="me" password="" roles="testrole" />
And yes, it works without the password being in the file. This suggests to
me that the username/password is
being checked against the database, but the role against tomcat-users.xml.
I'm using Tomcat 3.2.1 currently
as a stand-alone server. Please help, I'm going crazy.
Gary.